On Wed, Jan 10, 2007 at 09:24:06PM -0800, Larry Petty wrote:
I'm trying to figure out exactly how the knowledge base works. Below are my
current settings. If I launch a scan and then kill it half way through, I
can re-launch the scan and it skips over the addresses already scanned
picking up where the scan was stopped. I can then look at the output file
and have a complete report.
That sounds more or less right. The only quibble I have involves "a
complete report". I'd expect the report would only contain information
obtained from when you resumed the scan, not anything that was obtain
before the scan was terminated half-way through. You should be able to
verify this with the help of nessusd.messages.
If I launch another scan on the same hosts before the kb_max_age expires,
the scan doest not run. I end up having a blank output file.
That's because you're using the KB and you have the four kb_dont_replay*
settings enabled. [Actually, you might still get a report if you add
*new* plugins to the server and those generate a report.]
Is there any documentation that
explains how this works?
There's a full chapter about the Knowledge Base in "Nessus Network
Auditing". Or you could refer to edgeos Security's Nessus Knowledge
Base, <http://www.edgeos.com/nessuskb/> (and ignore the link to
<http://www.nessus.org/doc/kb_saving.html>, which is no longer accurate).
George
--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|